SIO-9.6.4
Senior management, and where appropriate, the boards, should receive comprehensive reports, covering cyber security issues such as the following:
(a) Key Risk Indicators/ Key Performance Indicators;
(b) Status reports on overall cyber security control maturity levels;
(c) Status of staff Information Security awareness;
(d) Updates on latest internal or relevant external cyber security incidents; and
(e) Results from penetration testing exercises.
Added: July 2025